Re: Help to use PKCS 11 functions in firefox extension
Akkshayaa Venkatram wrote:
>> From the mozilla tree,
>> http://mxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11pub.h#109
>>
>> I want to call the PK11 functions for encrypt, decrypt, sign, verify,
>> etc.. from my Firefox extension that is written in javascript.

Robert Relyea wrote, On 2008-11-26 10:14:
>> I looked at the XPCOM IDL's for PKCS11 and only very few functions
>> are implemented in that to be called from the javascript. If I have to
>> be able to call the other PK11 functions that work with my smart card
>> device, from the javascript file, what is the best solution?
>>
>> Are these functions implemented in any existing IDLs?
>> Should I write a new XPCOM Interface that links to these PK11 functions?

> There are very few PK11_ functions exported right now; it pretty
> much happens when someone has a need (like PSM Chrome).
> That being said, most of the functionality for PK11_GenerateKeyPair is
> available through either:
>
> 1) the keygen tag (I'm not sure how you reach it from XPCOM, but I'm
> pretty sure it's reachable).
> --- or ---
> 2) the crypto.generateCRMFRequest() object off of the window. (see
> https://developer.mozilla.org/en/GenerateCRMFRequest)
>
> both of these are available to web pages as well as extensions.

I would add that we do NOT want to allow ordinary web pages to generate
keys and sign or decrypt stuff using the user's private keys without his
knowledge. That would be a big security hole.

So rather than giving javascripts raw unfettered access to PKCS#11, our
practice in the past has been to provide other APIs by which the script
can request certain actions, but sufficient UI is provided to ensure that
the user remains in control of how his private keys are used at all times.
Re: Help to use PKCS 11 functions in firefox extension
I'll repeat my answer to your question in the opensc list. We should
probably keep followups in this list since there is more NSS/mozilla
expertise here (which is really where your question is coming from)...

Akkshayaa Venkatram wrote:
> Hello,
>
> From the mozilla tree,
> http://mxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11pub.h#109
>
> I want to call the PK11 functions for encrypt, decrypt, sign, verify,
> etc.. from my Firefox extension that is written in javascript.
>
> Eg:
>   SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot,
>       CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
>       PRBool isPerm, PRBool isSensitive, void *wincx);
>
> I looked at the XPCOM IDL's for PKCS11 and only very few functions
> are implemented in that to be called from the javascript. If I have to
> be able to call the other PK11 functions that work with my smart card
> device, from the javascript file, what is the best solution?
>
> Are these functions implemented in any existing IDLs?
> Should I write a new XPCOM Interface that links to these PK11 functions?

There are very few PK11_ functions exported right now; it pretty
much happens when someone has a need (like PSM Chrome).
That being said, most of the functionality for PK11_GenerateKeyPair is
available through either:

1) the keygen tag (I'm not sure how you reach it from XPCOM, but I'm
pretty sure it's reachable).
--- or ---
2) the crypto.generateCRMFRequest() object off of the window. (see
https://developer.mozilla.org/en/GenerateCRMFRequest)

both of these are available to web pages as well as extensions.

bob

> Please suggest the best method to proceed further.. Also any useful
> links that I can refer
Re: Help to use PKCS 11 functions in firefox extension
Hello,

From the mozilla tree,
http://mxr.mozilla.org/mozilla/source/security/nss/lib/pk11wrap/pk11pub.h#109

I want to call the PK11 functions for encrypt, decrypt, sign, verify,
etc.. from my Firefox extension that is written in javascript.

Eg:
  SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot,
      CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
      PRBool isPerm, PRBool isSensitive, void *wincx);

I looked at the XPCOM IDL's for PKCS11 and only very few functions
are implemented in that to be called from the javascript. If I have to
be able to call the other PK11 functions that work with my smart card
device, from the javascript file, what is the best solution?

Are these functions implemented in any existing IDLs?
Should I write a new XPCOM Interface that links to these PK11 functions?

Please suggest the best method to proceed further.. Also any useful
links that I can refer

Thanks in advance,
Akkshayaa

Quoting Robert Relyea <[EMAIL PROTECTED]>:
> Akkshayaa Venkatram wrote:
>> Hi
>>
>> I am developing a Firefox extension that calls PKCS 11 functions like
>> C_Encrypt, C_Sign, C_Decrypt and others..
>
> We don't expose the direct C_ calls in NSS. NSS typically has the token
> open during the entire time, so applications making calls and changing
> states could cause some issues. You can still access the functionality
> through the PK11 wrapper functions, but not many of those are exposed in
> javascript.
>
>> I am not sure how to call these functions from the javascript file. I
>> have an idea that I must wrap these C functions in XPCOM-IDL. But not
>> sure of how to do it.. and what XPCOM IDL to use.
>
> Yes, the actual "C" functions you need to wrap are defined in pk11pub.h.
> I usually look at some of the mozilla extensions built into the mozilla
> tree for examples on how to build an XPCOM file. This is a generic
> question which you can get a better answer on how to create xpcom
> objects in C and call it from javascript in the xpcom mailing lists.
>
> bob
Re: Help to use PKCS 11 functions in firefox extension
Akkshayaa Venkatram wrote:
> Hi
>
> I am developing a Firefox extension that calls PKCS 11 functions like
> C_Encrypt, C_Sign, C_Decrypt and others..

We don't expose the direct C_ calls in NSS. NSS typically has the token
open during the entire time, so applications making calls and changing
states could cause some issues. You can still access the functionality
through the PK11 wrapper functions, but not many of those are exposed in
javascript.

> I am not sure how to call these functions from the javascript file. I
> have an idea that I must wrap these C functions in XPCOM-IDL. But not
> sure of how to do it.. and what XPCOM IDL to use.

Yes, the actual "C" functions you need to wrap are defined in pk11pub.h.
I usually look at some of the mozilla extensions built into the mozilla
tree for examples on how to build an XPCOM file. This is a generic
question which you can get a better answer on how to create xpcom
objects in C and call it from javascript in the xpcom mailing lists.

bob